Over the last few days, CipherTrace has managed to trace some funds that have been recently stolen by Twitter hackers in a “giveaway” scam involving crypto gambling websites and peer-to-peer (P2P) exchanges.
Yesterday, the blockchain forensics company revealed that 0.2 Bitcoin had been transferred to a peer-to-peer exchange by using what it called a “peel chain”. The same method was used by the hackers to transfer funds to a crypto casino.
As explained by CipherTrace, so-called “peel chains” are actually chains of e-wallets that hackers use to transfer funds to make the movement of illegally obtained crypto funds unintelligible and undetectable. According to the blockchain forensics firm that has been investigating the scheme, the scam is believed to be preferred by hackers originating from North Korea. Ciphertrace has estimated that Chinese nationals linked to North Korea have so far laundered over $100 million using similar peel chains.
In an effort to flag certain Bitcoin transactions suspicious before they are confirmed to its software suite, CipherTrace also announced the launch of “real-time transaction risk scoring”. The new software is to provide ATM operators, payment processors and crypto exchanges with the chance to quickly block and investigate transactions that have been marked as suspicious before these transactions are finalized on the blockchain.
Hackers Used So-Called “Peel Chains” to Transfer Funds to Gambling Platforms, Crypto and P2P Exchanges
The beginning of the week saw Ciphertrace reveal that Twitter hackers had set a number of peel chains to transfer the stolen funds to various gambling platforms, peer-to-peer marketplaces and crypto exchanges.
As the firm reported, movement of sums of between 0.1 and 0.15 Bitcoin to exchanges located in the US, India and Turkey, and a transaction of more than 1 Bitcoin to a Singapore-based regulated exchange. A total of 18 transactions made by Twitter hackers to various crypto platforms have been identified by the company while investigating the scheme. Apart from that, Ciphertrace also managed to identify a transfer to an old Binance cold wallet that, according to the firm, was used to mislead investigators.
Early reports of the incident have shown that many of the transfers carried out by the hackers were aimed at coin mixing services, the hackers seem to have become more oriented to crypto trading venues when making laundering efforts.
According to reports, on July 16th, a deposit of 2.89 Bitcoin, which represents approximately 22.5% of the stolen funds, was made into Wasabi wallet, which traffic is tunneled through the same encrypted network – TOR – used to access the dark web. The investigation found that on the next day, the hackers moved 0.1022 Bitcoin into ChipMixer, which is used as a tool by users to make their fund movements undetectable.
CipherTrace also found that the first movement of the stolen crypto into an attributed entity was to Binance cold wallet that has not been used for making a transaction since November 2018. According to the firm, the transaction was made to “troll” investigators rather than to actually transfer any funds. As mentioned above, a Bitcoin into a cryptocurrency exchange based in Singapore was also found.